Cybersecurity analyst with the passion and skills required to develop security models and processes aligned with security standards and business goals. Knowledge, experience and good analytical skills for administering a security operations framework and cyber defense strategies. Keen observer and quick learner with a constant zest to acquire new skills.
1) Incident Response [IR] on small-scale to large-scale attacks and security incidents involving phishing and malware threats.
2) Classifying the threat/attack (commodity, targeted or APT) on the basis of severity, impact, spread and vulnerability.
3) Mapping events, vectors, attributes and TTPs to campaigns and threat actors [TA], and identifying IOCs and IOAs.
4) Building SIEM rules and use cases based on the above and fine-tuning them to avoid false positives as much as possible.
5) Creating rules as per requirements, maintaining dashboards, ensuring log flow to the SIEM and performing other relevant checks as part of SOC operations.
6) Dark web monitoring on tools such as Flashpoint and Anomali, and monitoring compromised credentials, cards and other related information.
7) Managing EDR, SIEM, Azure AD, mail gateway and other tools, and creating policies and rules.
8) SOC operations [from L1 to L3] and handling queries and incidents from users and clients.
1) Device management and SOC monitoring for the IDEA-IBM project at IDEA Cellular Ltd, Pune (onsite project).
2) Handling devices like QRadar (SIEM), Symantec Endpoint Protection, Websense Web Security Gateway and IBM Proventia NIPS.
3) Working knowledge of analyzing large amounts of diverse log data; log hunting and threat hunting, including finding various vulnerabilities and threat patterns.
4) Hands-on experience with security devices like firewalls, IPS/IDS and web proxies.
5) Knowledge of attack techniques, log analysis, alerts and reporting.
6) Constantly monitoring IOCs from various reputed and well-known websites and taking action accordingly to prevent cyber attacks.
Scored 6th position in North America Splunk Boss of the SOC [BOTS]
Cisco Certified Network Associate [CCNA]
Email Gateway [Proofpoint, Agari, SMG]
EDR [CrowdStrike, Trend Micro]
SIEM [Splunk, QRadar]
Azure Active Directory
Dark Web [Flashpoint, InfoArmor]
Threat Intelligence Platform [Anomali]
Proxy [McAfee, Zscaler, Websense]
Firewall [Cisco, Checkpoint, FTD]
IAM [CyberArk, RSA]
Certified Ethical Hacker [CEH]